#!/bin/bash
certDir=/etc/docker/certs.d/server.k8s.local:18443
mkdir -p $certDir
# https://docs.docker.com/engine/security/certificates/
# /etc/docker/certs.d/        <-- Certificate directory
# └── localhost:5000          <-- Hostname:port
#     ├── client.cert          <-- Client certificate
#     ├── client.key           <-- Client key
#     └── ca.crt               <-- Root CA that signed the registry certificate, in PEM


# ok with 1.18.06; err with 1.10.3@barge
#   ctd still used.
# cat > /dev/null <<EOF
cat > $certDir/cert.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIEkzCCA3ugAwIBAgIURvpBirXg5SkuVJYAE9fHdHKAZJYwDQYJKoZIhvcNAQEL
BQAwZzELMAkGA1UEBhMCQ04xFDASBgNVBAgTC1poYW5namlha291MQ4wDAYDVQQH
EwVIZWJlaTEMMAoGA1UEChMDazhzMQ8wDQYDVQQLEwZTeXN0ZW0xEzARBgNVBAMT
Cmt1YmVybmV0ZXMwIBcNMjMwMjA3MTc1NjAwWhgPMjMxNDAxMDMxNzU2MDBaMFsx
CzAJBgNVBAYTAkNOMQ8wDQYDVQQIEwZ0aWFuaGUxCzAJBgNVBAcTAmd6MQwwCgYD
VQQKEwNrOHMxDzANBgNVBAsTBlN5c3RlbTEPMA0GA1UEAxMGc2VydmVyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKX6dJdwlQk/mFomG1jH+AxfjriB
a6Z0FaUroZdCQvnGeyNQA5BTjW0qfr0PVJjCU4HSNPzNBxQP2GIZrM+g4ZQMb+DM
q68tuiPHoVzENgUUBYibb2SKBLDF58NdZqG5XR0SSoh/Nl8tV9nLWAWkk9U+iwop
/xBT4n5DESjiXxkC3HOmcpZzEkZKqCAGlnZLC+vxH+2wFyQrczpoTdc3kocDnhXZ
AZCFq1WmhqIn3TktASiMXQF+9ud/xiwrSHY9i4CwcSpq/gPqgB3QSe/jB+tPiAK9
medUA5CnAOPDNlH85px9gUAKkNLz9MV6216qA66zD+B4NF2eI+BYVt9ZTQIDAQAB
o4IBPzCCATswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQp95Ga4yldsYKa/apoLi63
Gm5CKDAfBgNVHSMEGDAWgBS6AXW6M7k3VLIcMsYjpsNy99PqETCBuwYDVR0RBIGz
MIGwggcqLmtlZGdlghBzZXJ2ZXIuazhzLmxvY2FsggprdWJlcm5ldGVzghJrdWJl
cm5ldGVzLmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0
ZXMuZGVmYXVsdC5zdmMuY2x1c3RlcoIja3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5j
bHVzdGUubG9jYWyHBH8AAAGHBKwZFTyHBAoKCgGHBKwAAAEwDQYJKoZIhvcNAQEL
BQADggEBAGqfo7m1B8nQTWNEUCS442oWjFs3CQuunQk6fZRPpzTAfixpcnlruSlt
WRQ6fa7ejRtlSjXs5bVcSGub2BYeLw42srKhBUQSQJpGXs+DCV0/dx1/Qy6T4JD2
g9CEp6VX2DpifSvPoB9RXA4/WTP5qf7crPMJ8P963SEVm9umSG7W8gnbymNqfQlv
7gTzKkz0EKEAbY5Gf9T/UJMK18pLTldGr+jw1LL6WaN18nhUYdzy7qZw84eKIkVb
LxSQwmEjq6Yu2Mwfya0c6I0+4VMEU5hEO/7YOJOZ2qqMXFKGNp5rdkKooR3FJfxz
7XIdod60VG4LWPuYg1bhcWlS/AVXYg0=
-----END CERTIFICATE-----
EOF

# k3s/registry/certs/$domain/ca-old-registry-docker-cli-used.pem
cat > $certDir/ca.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIUa43H7NlaZjQ9/4qHByvM8m7WnKUwDQYJKoZIhvcNAQEL
BQAwZzELMAkGA1UEBhMCQ04xFDASBgNVBAgTC1poYW5namlha291MQ4wDAYDVQQH
EwVIZWJlaTEMMAoGA1UEChMDazhzMQ8wDQYDVQQLEwZTeXN0ZW0xEzARBgNVBAMT
Cmt1YmVybmV0ZXMwIBcNMjMwMjA3MTc1NjAwWhgPMjMxNDAxMDMxNzU2MDBaMGcx
CzAJBgNVBAYTAkNOMRQwEgYDVQQIEwtaaGFuZ2ppYWtvdTEOMAwGA1UEBxMFSGVi
ZWkxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJl
cm5ldGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89B/XSBKJoYK
UlfhYnAT13PelO3BsHoj//Ptn5GkWFcuafDw3knSpgYRRtr4R2tVBtpCYMM76Cbo
bMrVOjn1l8APiblDQTQo2ayy0QWcBKbFf6RKfc2q7orjXjZx09RGuusHlzt1atYT
y858ByriM80+sj5pEgxDpEp5SqXVRHOH8KHrSY9vusIF4j4SxyoeDrrYGOxe93TP
NCaPDAec0TONkb3p0nY7/RBk8nG3wtR0rs6G2m2BOVtFV+U/JY5lcM9w8Vey2PJ8
hVG9HfHBFQ2Dk9zORTaQKeSW9r7lR9j9JexxclM970s6guPTatkq0b3tP3aZ69Xz
V/cfX1McKQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUugF1ujO5N1SyHDLGI6bDcvfT6hEwDQYJKoZIhvcNAQELBQAD
ggEBAPMvdba/yL5jiERHrx/0+DcHtHDT2t31NovuDADRryOomWOAdvy+f6SyY4Mz
8w8t+w8IuROQI85IUcGeqykfSjLyswMIyFJ0mpG2+DZJ12BeXl5vAB0CMDq4a4SC
9UHxedpVZC9d+1zL9zvRflsYUsCF7HxkRKDKP0d08nY045szrr1/ZxCQY/lBmblB
4JLB2rwfuasxRhChVHMw8YrDwwDHIThmptDelyWTLzx6RCs3fSB4I+uOgQRSkLdo
hRSDQmvtvyMpt17WxbkbJTihRip69280IqKFTIztyCUzQIvCscPE47gkBtEm6XYs
Nvx0e14hKLvaiUUcRJExVL0vVFM=
-----END CERTIFICATE-----
EOF

find /etc/docker/certs.d
md5sum $certDir/cert.crt